AMENDMENT AND RESPONSE UNDER 37 CFR § 1.116 - EXPEDITED PROCEDURE Page 2 

Serial Number: 09/483,164 Dkt: 105.174US1 

Filing Date: January 14, 2000 

Title: LOCALLY ADAPTABLE CENTRAL SECURITY MANAGEMENT IN A HETEROGENEOUS NETWORK ENVIRONMENT 



IN THE DRAWINGS 



Enclosed are replacement sheets for Figs. 1-19. The replacement sheets are formal 
drawings for Figs. 1-19. 

REMARKS 

This responds to the Office Action dated November 15, 2005. Claims 6 and 11 are 
amended; as a result, claims 1-35 are now pending in this application. 

§101 Rejection of the Claims 
Claims 6-13 were rejected under 35 U.S.C. § 101 as being directed to non-statutory 
subject matter. Claims 6 and 11 were amended to better recite the subject matter. Applicant 
respectfully requests reconsideration and allowance of claims 6-13. 

§112 Rejection of the Claims 

1. Claims 6-10 were rejected under 35 U.S.C. § 112, first paragraph, as failing to comply 
with the written description requirement. Applicant respectfully traverses the rejection. 

The Final Office Action dated November 15, 2005 (hereinafter, "the Office Action") 
states that the specification does not describe how a "layer" can combine keys into key chains, 
etc., as a layer is an abstract idea. 1 Claim 6 was amended to better recite the subject matter. 

Applicant respectfully requests reconsideration and allowance of claims 6-10. 

2. Claims 6-13 were rejected under 35 U.S.C. § 112, second paragraph, for being indefinite 
for failing to particularly point out and distinctly claim the subject matter which the applicant 
regards as the invention. Claims 6 and 11 were amended to clarify the subject matter of the 
claims. Applicant respectfully requests reconsideration and allowance of claims 6-13. 

§102 Rejection of the Claims 
1. Claims 1-3, 5, and 11-13 were rejected under 35 U.S.C. § 102(a) for anticipation by the 
printed publication "Role Based Access Control Framework for Network Enterprises" by 
Thomsen, O'Brien and Bogle ("Thomsen"). Applicant respectfully traverses the rejection. 
Affidavits enclosed herewith are submitted under 37 C.F.R. § 1.131 to establish the 
inapplicability of using the Thomsen reference. Applicant respectfully requests reconsideration 
and allowance of claims 1-3, 5, and 11-13. 



1 Office Action, pg. 8 ¶ 19. 

2. Claims 1-35 were rejected under 35 U.S.C. § 102(a) for anticipation by the printed 
publication "Napoleon Network Application Policy Environment" by Thomsen, O'Brien and 
Payne ("Thomsen"). Applicant respectfully traverses the rejection. Affidavits enclosed herewith 
are submitted under 37 C.F.R. § 1.131 to establish the inapplicability of using the Thomsen 
reference. Applicant respectfully requests reconsideration and allowance of claims 1-35. 

3. Claims 1-4 and 32 were rejected under 35 U.S.C. § 102(a) for anticipation by "The 
ARBAC97 Model for Role-Based Administration of Roles" by Sandhu et al. ("Sandhu"). 
Applicant respectfully traverses the rejection. 

The Office Action fails to establish proper prima facie anticipation because Sandhu does 
not teach each of the elements of claims 1-4 and 32. For instance, Applicant teaches at p. 9, 
that each security mechanism (e.g., a firewall Access Control List or the mechanism to protect an 
FTP server on a Unix host) must be described as an abstract representation of rights associated 
with the security mechanism (the key). Claims 1-4 and 32 state that Applicant's method of 
defining and enforcing a security policy requires that one encapsulate "security mechanism 
application specific information for each security mechanism". Applicant is unable to find a 
teaching or suggestion in Sandhu that would lead one to encapsulate "security mechanism 
application specific information for each security mechanism" as defined by Applicant and 
claimed in claims 1-4 and 32. Reconsideration is respectfully requested. 

Additionally, the Office Action reads permissions described in Sandhu onto the security 
mechanisms taught in the present patent application. 2 The present patent application teaches that 
a security mechanism encapsulates security mechanism application specific information. 3 
Sandhu defines a permission as "an approval of a particular mode of access to one or more 
objects in a system or some privilege to carry specified action." 4 Thus, the permission of Sandhu 
does not teach or suggest encapsulating "security mechanism application specific information for 
each security mechanism" as defined by Applicant. 

In another example, Applicant cannot find in Sandhu any teaching or suggestion of 
encapsulating key chains as keys and passing the key chain keys to another semantic layer, as 
recited in claim 1 and incorporated into claims 2-4 and 32. The Office Action reads the UP-roles 

2 Final Office Action, pg. 11 ¶ 0025. 

3 Patent Application, pg. 6 lines 18-26. 

4 Sandhu, pg. 1071(107. 
of Sandhu onto the semantic layers of the present patent application. Sandhu describes where 
creation of a new role requires the specification of its immediate parent and child in the existing 
hierarchy. 5 Thus, even if the Office Action was correct in the characterization of a UP-role as a 
semantic layer, the UP-role of Sandhu does not teach or suggest the flexibility of passing the key 
chain keys to another semantic layer. 

Applicant respectfully requests reconsideration and allowance of claims 1-4 and 32. 

§103 Rejection of the Claims 

Claims 5-10 were rejected under 35 U.S.C. § 103(a) as being unpatentable over Sandhu, 
as applied to claim 1 above, in further view of "Issues in the Design of Secure Authorization 
Service for Distributed Applications" by Varadharajan, Pato and Crall ("Crall"). Applicant 
respectfully traverses the rejection. 

To establish a prima facie case of obviousness, one criterion is that the prior art reference (or 
references when combined) must teach or suggest all the claim limitations. 6 A claim in 
dependent form shall be construed to incorporate by reference all of the limitations of the claim 
to which it refers. 7 

Sandhu is described above. Crall describes an RBAC system. Crall describes a system in 
which entitlements define access rights for principals. Profiles are used to provide the same 
privileges to groups or classes of principals. In the example given at page 879, an administrator 
creates a profile called Teller that defines all the privileges granted to bank tellers. A principal 
that becomes a member of the Teller profile automatically has all the privileges assigned in it. 
The Examiner stated that privileges "represent authorization to access application-specific 
resources" and that "entitlements" are "encapsulated privileges" that "represent authority to 
perform tasks". 

As noted above, key limitations of claim 1 are missing from Sandhu and are not shown in 
Crall. Applicant respectfully suggests that claim 5 is patentable as dependent on claim 1 as 
described above. 



5 Sandhu, pg. 124, § 5.2. 
6 M.P.E.P. § 2143. 
7 35 U.S.C. § 112 ¶ 4. 



With regard to claims 6-10, as noted in the discussion of claim 1 above, neither Sandhu 
nor Crall teaches or suggests a security system having "a plurality of semantic layers within a model 
implemented on the computer network, wherein the two or more of the semantic layers include 
keys combinable into key chains, the key chains are able to be encapsulated as key chain keys, 
and the key chain keys are exportable to another semantic layer, wherein each key encapsulates 
security mechanism application specific information for a security mechanism" as described by 
Applicant and presently recited or incorporated in claims 6-10. 

CONCLUSION 

Applicant respectfully submits that the claims are in condition for allowance and 
notification to that effect is earnestly requested. The Examiner is invited to telephone 
Applicant's attorney (612) 371-2172 to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 

Respectfully submitted, 
DANIEL J. THOMSEN ET AL. 
By their Representatives, 